fix(stdStorage): wrong slot id may returned by find() when slot value == 1337 (#446)

paco0x · web-flow · commit fac7bd8d4e27 · 2023-08-31T08:13:34.000-07:00
* fix(stdStorage): wrong slot id may returned by `find()` when slot value == 1337

* chore: type cast optimization

* use snake case to match the naming styles
diff --git a/src/StdStorage.sol b/src/StdStorage.sol
@@ -68,16 +68,20 @@ library stdStorageSafe {
                 if (prev == bytes32(0)) {
                     emit WARNING_UninitedSlot(who, uint256(reads[i]));
                 }
+                if (prev != fdat) {
+                    continue;
+                }
+                bytes32 new_val = ~prev;
                 // store
-                vm.store(who, reads[i], bytes32(hex"1337"));
+                vm.store(who, reads[i], new_val);
                 bool success;
-                bytes memory rdat;
                 {
+                    bytes memory rdat;
                     (success, rdat) = who.staticcall(cald);
                     fdat = bytesToBytes32(rdat, 32 * field_depth);
                 }
 
-                if (success && fdat == bytes32(hex"1337")) {
+                if (success && fdat == new_val) {
                     // we found which of the slots is the actual one
                     emit SlotFound(who, fsig, keccak256(abi.encodePacked(ins, field_depth)), uint256(reads[i]));
                     self.slots[who][fsig][keccak256(abi.encodePacked(ins, field_depth))] = uint256(reads[i]);
diff --git a/test/StdStorage.t.sol b/test/StdStorage.t.sol
@@ -21,6 +21,10 @@ contract StdStorageTest is Test {
         assertEq(uint256(0), stdstore.target(address(test)).sig("exists()").find());
     }
 
+    function test_StorageExtraSload() public {
+        assertEq(16, stdstore.target(address(test)).sig(test.extra_sload.selector).find());
+    }
+
     function test_StorageCheckedWriteHidden() public {
         stdstore.target(address(test)).sig(test.hidden.selector).checked_write(100);
         assertEq(uint256(test.hidden()), 100);
@@ -271,6 +275,7 @@ contract StorageTest {
     address public tF = address(1337);
     int256 public tG = type(int256).min;
     bool public tH = true;
+    bytes32 private tI = ~bytes32(hex"1337");
 
     constructor() {
         basic = UnpackedStruct({a: 1337, b: 1337});
@@ -299,4 +304,12 @@ contract StorageTest {
     function const() public pure returns (bytes32 t) {
         t = bytes32(hex"1337");
     }
+
+    function extra_sload() public view returns (bytes32 t) {
+        // trigger read on slot `tE`, and make a staticcall to make sure compiler doesn't optimize this SLOAD away
+        assembly {
+            pop(staticcall(gas(), sload(tE.slot), 0, 0, 0, 0))
+        }
+        t = tI;
+    }
 }
